debian-resources/Debian Setup Notes.md

# Debian Setup Notes

# User Groups (admin)
```sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER```

# setup sources.list

deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free
deb http://security.debian.org/debian-security testing-security main non-free-firmware contrib non-free
deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free



# Essential packages

```
apt install ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar gocryptfs cryfs securefs wireguard lzop lz4
```


# RSYNC key home files, folders

```
10.8.0.2:~/.local/bin ~/.local/
10.8.0.2:~/.tmux.conf ~/

```

# Add Docker's official GPG key:
```
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
```

# Add the repository to Apt sources:
```
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
```
```
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
# Dockge setup

## Quick Setup

```bash
# Create the directory structure
sudo mkdir -p /opt/stacks /opt/dockge

# Download and run the installer
cd /opt/dockge
curl https://dockge.kuma.pet/compose.yaml --output compose.yaml

docker compose up -d
```
Access at `http://your-ip:5001`

# NFS 

## Install packages

```
sudo apt install nfs-kernel-server nfs-common
```

## Create/edit exports on server
```
sudo nano /etc/exports
sudo exportfs -arv
sudo systemctl enable --now nfs-server
```

## Create mount points
```
sudo mkdir -p /mnt/{clust,omega,zion,hive}
```
## fstab entries

```
# Cthulhu
10.0.0.10:/storage /mnt/hive nfs rw,noatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,_netdev,x-systemd.automount 0 0

# Azathoth
10.0.0.2:/storage  /mnt/omega  nfs  defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30  0  0

# Zion
10.8.0.1:/storage  /mnt/zion  nfs  defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30  0  0

# Galaxy
10.8.0.99:/storage  /mnt/galaxy  nfs4 rsize=16777216,wsize=16777216,hard,proto=tcp,timeo=600,retrans=2,ac,acregmin=60,acregmax=600,acdirmin=60,acdirmax=600,noatime,_netdev,x-systemd.automount 0 0
```

# WireGuard Setup

## Generate keys
``` 
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key
```

### Config File Example
```
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server_private.key contents>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client 1 (Zion)
[Peer]
PublicKey = <zion_public.key>
AllowedIPs = 10.8.0.2/32

# Client 2 (Galaxy)
[Peer]
PublicKey = <galaxy_public.key>
AllowedIPs = 10.8.0.99/32
```

## Enable IP forwarding
```
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Start and enable
sudo systemctl enable --now wg-quick@wg0
```
### WG Quick reference
```
# Check status
sudo wg show

# Restart
sudo systemctl restart wg-quick@wg0

# View handshake
sudo wg show wg0 latest-handshakes
# Check status
sudo wg show

# Restart
sudo systemctl restart wg-quick@wg0

# View handshake
sudo wg show wg0 latest-handshakes
```

# Samba

# fstab